Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/p3ROJ266o2pF0nOiR0HBZYzO_HM.roa
File:                     p3ROJ266o2pF0nOiR0HBZYzO_HM.roa (raw, json)
Hash identifier:          ROb/DIruAz/5oHca7U7nr4QK7Ki0POfWjiHizu/y8lE=
Subject key identifier:   A7:74:4E:27:6E:BA:A3:6A:45:D2:73:A2:47:41:C1:65:8C:CE:FC:73
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019A2C6F4D3B2C8095102352FFA0A1D6C07D
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/p3ROJ266o2pF0nOiR0HBZYzO_HM.roa
Signing time:             Tue 28 Oct 2025 20:08:03 +0000
ROA not before:           Tue 28 Oct 2025 20:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202827
IP address blocks:        2a10:4646:70::/48 maxlen: 48
                          2a13:89c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2c:6f:4d:3b:2c:80:95:10:23:52:ff:a0:a1:d6:c0:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Oct 28 20:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7744e276ebaa36a45d273a24741c1658ccefc73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5c:25:69:7c:21:48:0f:e9:1d:b9:7a:88:7f:
                    41:41:81:91:bb:65:52:a2:61:6d:2c:35:87:67:6f:
                    cb:da:de:1c:f1:10:78:89:9f:75:75:32:e5:d3:8f:
                    3b:93:31:9b:4a:a6:4b:db:74:b1:3c:48:87:e3:91:
                    d5:dc:d2:a4:5e:70:2d:f3:21:2e:90:02:b6:90:ed:
                    35:9d:f9:d6:45:e0:56:68:29:65:08:2a:35:72:8b:
                    ad:9a:c3:07:38:88:a4:66:b0:ce:20:94:da:42:d3:
                    5e:b4:a4:e6:e2:68:e1:49:02:c7:0f:09:e9:84:b3:
                    d5:c5:c0:93:a6:55:52:5e:d8:37:92:f2:ce:4d:d4:
                    1e:d7:87:fd:c2:49:dc:f0:fb:fd:ed:33:92:15:12:
                    79:ea:a8:4d:fa:04:23:00:69:47:ed:44:d1:42:d3:
                    06:40:bc:4f:a2:0e:99:67:85:3d:6a:c9:11:71:9e:
                    fd:d2:11:2a:bc:1f:b2:ff:fa:9d:06:f1:c4:6b:7b:
                    22:d1:4b:c7:ca:8f:44:9c:be:19:cd:99:9d:38:20:
                    00:9a:fa:df:02:38:e2:c0:69:cb:6f:d9:a8:78:01:
                    91:b8:44:59:b5:9a:cd:4d:b3:cd:a7:47:6d:f1:69:
                    0c:8e:b8:a7:8e:96:32:a5:14:28:3c:3d:3e:d6:b1:
                    25:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:74:4E:27:6E:BA:A3:6A:45:D2:73:A2:47:41:C1:65:8C:CE:FC:73
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/p3ROJ266o2pF0nOiR0HBZYzO_HM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:70::/48
                  2a13:89c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         72:9f:9c:07:10:1b:34:90:8d:ba:0a:e9:c2:a2:fa:7b:e4:4e:
         b5:9a:79:5b:da:fe:1a:d2:59:49:30:47:b8:36:d8:62:13:22:
         e5:f4:1a:ec:26:3e:64:04:b8:9d:3a:0e:14:49:73:b8:07:06:
         d6:b3:e0:8e:84:51:9f:24:86:55:ee:96:d7:6b:52:d7:00:83:
         18:d0:af:c9:0d:97:8c:60:bb:7c:37:44:e3:26:01:25:97:83:
         e9:d3:10:83:bf:92:16:40:61:eb:db:d1:6d:3b:32:ac:d1:cc:
         29:a0:95:93:50:39:35:70:f9:39:b2:b0:33:5a:83:9a:3e:3f:
         7e:03:de:87:20:a7:80:15:2e:58:8d:ae:32:d1:58:47:9f:b0:
         68:e1:18:9b:01:55:b3:3d:5e:4f:ab:08:33:01:37:ad:e1:bc:
         52:fb:f9:99:82:8c:12:d9:26:0a:0a:ba:79:cb:81:dd:49:44:
         37:9c:51:cb:fd:2e:91:86:41:f4:f7:35:fb:46:50:f9:ef:3d:
         82:60:fb:65:0c:4c:14:cb:9d:53:06:62:98:a0:52:d3:30:42:
         0b:0e:7b:da:c0:3b:f7:76:07:64:39:0f:53:78:87:de:a6:29:
         dc:b5:1e:41:07:05:69:0e:1a:0d:4c:f9:97:eb:09:9c:13:3a:
         55:55:0e:2d
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZosb007LICVECNS/6Ch1sB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUxMDI4MjAwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzc0NGUyNzZlYmFhMzZhNDVkMjczYTI0NzQxYzE2NThjY2VmYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1wlaXwhSA/pHbl6iH9BQYGRu2VS
omFtLDWHZ2/L2t4c8RB4iZ91dTLl0487kzGbSqZL23SxPEiH45HV3NKkXnAt8yEu
kAK2kO01nfnWReBWaCllCCo1coutmsMHOIikZrDOIJTaQtNetKTm4mjhSQLHDwnp
hLPVxcCTplVSXtg3kvLOTdQe14f9wknc8Pv97TOSFRJ56qhN+gQjAGlH7UTRQtMG
QLxPog6ZZ4U9askRcZ790hEqvB+y//qdBvHEa3si0UvHyo9EnL4ZzZmdOCAAmvrf
AjjiwGnLb9moeAGRuERZtZrNTbPNp0dt8WkMjrinjpYypRQoPD0+1rElOwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFKd0TiduuqNqRdJzokdBwWWMzvxzMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvcDNST0oyNjZvMnBGMG5PaVIwSEJaWXpPX0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAKhBGRgBw
AwUAKhOJwDANBgkqhkiG9w0BAQsFAAOCAQEAcp+cBxAbNJCNugrpwqL6e+ROtZp5
W9r+GtJZSTBHuDbYYhMi5fQa7CY+ZAS4nToOFElzuAcG1rPgjoRRnySGVe6W12tS
1wCDGNCvyQ2XjGC7fDdE4yYBJZeD6dMQg7+SFkBh69vRbTsyrNHMKaCVk1A5NXD5
ObKwM1qDmj4/fgPehyCngBUuWI2uMtFYR5+waOEYmwFVsz1eT6sIMwE3reG8Uvv5
mYKMEtkmCgq6ecuB3UlEN5xRy/0ukYZB9Pc1+0ZQ+e89gmD7ZQxMFMudUwZimKBS
0zBCCw572sA793YHZDkPU3iH3qYp3LUeQQcFaQ4aDUz5l+sJnBM6VVUOLQ==
-----END CERTIFICATE-----